[Secure-testing-commits] r5649 - data/CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Wed Apr 11 21:34:31 UTC 2007
Author: jmm-guest
Date: 2007-04-11 21:34:28 +0000 (Wed, 11 Apr 2007)
New Revision: 5649
Modified:
data/CVE/list
Log:
new mydms issue
two kernel issues fixed in 2.6.20
util-linux issue expected behaviour according to vendor-sec (lamont, shout if you disagree)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-04-11 21:32:22 UTC (rev 5648)
+++ data/CVE/list 2007-04-11 21:34:28 UTC (rev 5649)
@@ -1,3 +1,5 @@
+CVE-2007-XXXX [mydms SQL injection]
+ - mydms 1.4.4+1-5
CVE-2007-1971 (SQL injection vulnerability in fotokategori.asp in Gazi Okul Sitesi ...)
TODO: check
CVE-2007-1970 (Mozilla Firefox does not warn the user about HTTP elements on an HTTPS ...)
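Review bot: the new CVE-2007-XXXX entry at the top of the list has no NOTE or reference identifying the issue. With only "[mydms SQL injection]" and a fixed version, the placeholder will be hard to match to a CVE id once one is assigned; consider adding a NOTE line with the bug or advisory reference behind the "- mydms 1.4.4+1-5" line.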
@@ -171,7 +173,9 @@
CVE-2007-1886 (Integer overflow in the str_replace function in PHP 4.4.5 and PHP ...)
TODO: check
CVE-2007-1885 (Integer overflow in the str_replace function in PHP 4 before 4.4.5 and ...)
- TODO: check
+ - php5 5.2.0-9
+ - php4 6:4.4.4-9
+ NOTE: Dupe of CVE-2007-0906
CVE-2007-1884 (Multiple integer signedness errors in the printf function family in ...)
TODO: check
CVE-2007-1883 (PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows ...)
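Review bot: CVE-2007-1885 is now marked as a dupe of CVE-2007-0906, but CVE-2007-1886 directly above describes an integer overflow in the same str_replace function and is left at "TODO: check". A NOTE on CVE-2007-1886 saying whether it is a separate issue would keep the two entries from being confused later.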
@@ -309,8 +313,9 @@
CVE-2007-1826 (Unspecified vulnerability in the IPSec Manager Service for Cisco ...)
NOT-FOR-US: Cisco Unified CallManager
CVE-2007-1825 (Buffer overflow in the imap_mail_compose function in PHP 5 before ...)
- - php4 <unfixed> (medium)
- - php5 <unfixed> (medium)
+ - php5 5.2.0-9
+ - php4 6:4.4.4-9
+ NOTE: Dupe of CVE-2007-0906
CVE-2007-1824 (Buffer overflow in the php_stream_filter_create function in PHP 5 ...)
- php5 <unfixed> (medium)
CVE-2007-1823 (T-Mobile voice mail systems allow remote attackers to retrieve or ...)
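Review bot: the replacement lines for CVE-2007-1825 drop the "(medium)" urgency that the removed php4 and php5 lines carried, while the linux-2.6 change for CVE-2007-1592 keeps its urgency when moving from <unfixed> to a version. If dropping it is intentional because the entry is a dupe, that is fine; otherwise keep "(medium)" on both lines.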
@@ -821,7 +826,7 @@
CVE-2007-1593
RESERVED
CVE-2007-1592 (net/ipv6/tcp_ipv6.c in Linux kernel 2.6.x up to 2.6.21-rc3 ...)
- - linux-2.6 <unfixed> (medium)
+ - linux-2.6 2.6.20-1 (medium)
CVE-2007-1591 (VsapiNT.sys in the Scan Engine 8.0 for Trend Micro AntiVirus ...)
NOT-FOR-US: Trend Micro
CVE-2006-7182 (PHP remote file inclusion vulnerability in noticias.php in MNews 2.0 ...)
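Review bot: for CVE-2007-1592 the description gives the affected range as up to 2.6.21-rc3, yet the fixed version is recorded as 2.6.20-1. If the fix reached the 2.6.20-1 package as a backported patch, a NOTE saying so would explain the apparent mismatch.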
@@ -1939,7 +1944,8 @@
CVE-2007-1161 (Cross-site scripting (XSS) vulnerability in call_entry.php in Call ...)
NOT-FOR-US: Call Center Software
CVE-2006-7108 (login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when ...)
- - util-linux <unfixed> (low)
+ - util-linux <unfixed> (unimportant)
+ NOTE: Expected behaviour; pam_acct_mgmt() requires prior pam_authenticate()
CVE-2006-7107 (PHP remote file inclusion vulnerability in upgrade.php in Coalescent ...)
NOT-FOR-US: freePBX
CVE-2006-7106 (PHP remote file inclusion vulnerability in config.inc.php3 in Power ...)
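Review bot: the added NOTE for CVE-2006-7108 covers only the pam_acct_mgmt() half, but the description also lists chauth_tok as skipped. State whether that part is expected behaviour too, and cite vendor-sec as the source in the NOTE, since the commit log is the only place it is mentioned.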
@@ -5629,7 +5635,7 @@
CVE-2007-0006 (The key serial number collision avoidance code in the key_alloc_serial ...)
- linux-2.6 2.6.18.dfsg.1-12
CVE-2007-0005 (Multiple buffer overflows in the (1) read and (2) write handlers in ...)
- - linux-2.6 <unfixed>
+ - linux-2.6 2.6.20-1
CVE-2007-0004
RESERVED
CVE-2007-0003 (pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers ...)